So lets assume Alice wants to talk to Bob and its known or assumed that Alice has been targeted by a nation-state scale adversary: what ways are there for Alice and Bob to establish truly secure communication in such a situation? I would assume anything that looks like a computer to the average person is out. we cant trust usb devices, we cant trust the bios, we cant trust the OS, we cant even trust monitors (attacks on all of those areas and much more are listed in the NSA ANT catalog).Assuming a physical meeting between Alice and bob is a possibility one time pad comes to mind as its not attackable by cryptanalytic means and its so simple it could probably be implemented using discreet electronics that can be inspected to detect tampering.Does anyone have a more reasonable idea how to communicate securely under extreme surveillance? Is it just straight up impossible to do when directly targeted?Any thoughts on the subject are much appreciated!

You may be interested in the Solitaire Cipher. There are no electronics involved at all, and while it is slow, it is pretty secure for short messages. A completely shuffled deck of cards with jokers is a 237 bit key - not huge, but pretty good. The primary difficulty is exchanging keys and keeping them secure. I probably can't memorize even one shuffled deck of cards, let alone many, so you'll need some way of storing this information in such a way that if the secret police snatch you off the street in a van and completely disassemble your house they won't find the info, or they will be likely to accidentally destroy it before they realize what it is. I don't have a good answer for this.

BlackSails wrote:You can set up quantum cryptosystems that cannot be eavesdropped on without being detected. You still have the issue of key exchange though

Wrong! Quantum crypto has no key exchange issue. What you do need to set up is a qubit transfer channel, though. Once you have that, you can exchange a key in such a way that any eavesdropping is detectable (and, so, if you do detect such evesdropping, you just throw out those bits of the key, and start over).

Obviously, a qubit channel isn't as easy to come by as a normal communication line, but there's evidence that you can send them on fiber-optics. Additional benefit -- if qubits are expensive, you can use them to securely transmit a reasonably sized key for a traditional, symmetric encryption scheme, and then carry out the rest of your communication that way.

Assuming that, for some reason, they haven't simply thrown you in a small room, they are certainly watching everything you do. If you can visually see what you are doing, they will almost certainly also see what you are doing.

So you need an encryption/decrytion you can perform wholly mentally. I don't believe there are any that you could keep in your head that could possibly contain enough complexity to withstand government level code-breaking.

BlackSails wrote:You can set up quantum cryptosystems that cannot be eavesdropped on without being detected. You still have the issue of key exchange though

Even with an established cryptosystem that you can trust... it doesn't stop it from being the case that every communication simply ends up telling you that it was eaves-dropped upon.

BlackSails wrote:You can set up quantum cryptosystems that cannot be eavesdropped on without being detected. You still have the issue of key exchange though

The problem with this is mostly practical: chances are you don't have the knowledge to build a system yourself, let alone produce all the parts yourself. Because anything you get from external sources will be bugged.

WarDaft wrote:Assuming that, for some reason, they haven't simply thrown you in a small room, they are certainly watching everything you do.

That's a problem of quantum cryptography too: if they are observing everything, they'll break the keystream generator. (I'm assuming the keystream is a matter of observing an entangled particle at both ends simultaneously –correct me if I'm wrong)

WarDaft wrote:So you need an encryption/decrytion you can perform wholly mentally. I don't believe there are any that you could keep in your head that could possibly contain enough complexity to withstand government level code-breaking.

Hmm, there are people who can recite thousands of digits of π (and back in the day bards remembered quite some information too, but that's not as cool and the actual entropy is hard to calculate), so achieving a 2000-bit key is feasible, assuming the key is known before the surveillance starts. Encryption/decryption may be as simple as modular addition/x-or, but then the hard part is extending the keystream.

...unless you're dead by the end of the first 2000 bits of information anyway. (Recently, I found out that 2Kb can even contain multiple seconds of audible voice/music with a semi-generic, simple compression algorithm)

Flumble wrote:That's a problem of quantum cryptography too: if they are observing everything, they'll break the keystream generator. (I'm assuming the keystream is a matter of observing and entangled particle at both ends simultaneously –correct me if I'm wrong)

Correct. The algorithm I learned breaks when observed - the observation scrambles the qubits. It means you can be sure your key wasn't snooped if you succeed at generating one, but it also means that if an adversary has the ability to snoop, they can prevent you from ever successfully generating a key.

If your adversary is the Mossad, YOU’REGONNA DIE AND THERE’S NOTHING THAT YOU CAN DOABOUT IT. The Mossad is not intimidated by the fact that youemploy https://. If the Mossad wants your data, they’re going touse a drone to replace your cellphone with a piece of uraniumthat’s shaped like a cellphone, and when you die of tumors filledwith tumors, they’re going to hold a press conference and say“It wasn’t us” as they wear t-shirts that say “IT WAS DEFI-NITELY US,” and then they’re going to buy all of your stuffat your estate sale so that they can directly look at the photosof your vacation instead of reading your insipid emails aboutthem. In summary, https:// and two dollars will get you a busticket to nowhere. Also, SANTA CLAUS ISN’T REAL. When itrains, it pours.

If they've got cameras watching you all the time in your home, bugs in all your electronics and can clip electrodes to your skin to figure out when you're stressed etc and already have a good idea of who you are and what you're up to, if they're willing to torture you and your co-conspirators... then you've lost.

If you've got electronics which are likely unbugged which you can take apart and examine, if they're not watching you in your home and if you're part of a large crowd that is being watched as part of some mass surveillance network, if you get a chance to plan with your co-conspirators in person at the start.. then you have a reasonable chance.

You can pretend to be an average joe who likes cat pics while hiding encrypted messages inside the least significant bit of every 100th pixel of lolcat pictures you post to some popular site. You can run your software for creating and hiding the messages inside virtual machines on non-networked devices then upload to reddit/aww.

Give a man a fish, he owes you one fish. Teach a man to fish, you give up your monopoly on fisheries.

If they have time to prepare, why not just be incredibly old-school and go all "wind-talkers" on them - learn some extremely obscure language with few remaining speakers, maybe add a simple code on top.

For those with more sociopathic tendencies, or whose desire for security eclipses morality, you can further secure the code by murdering all the remaining speakers of the language.

Mokele wrote:If they have time to prepare, why not just be incredibly old-school and go all "wind-talkers" on them - learn some extremely obscure language with few remaining speakers, maybe add a simple code on top.

For those with more sociopathic tendencies, or whose desire for security eclipses morality, you can further secure the code by murdering all the remaining speakers of the language.

Strictly speaking, a constructed language seems easier to implement than embarking on a murder-spree. Also, more desirable, due to increased certainty that no stray knowledge is out there to compromise your security.

Schwarmaroganz wrote:Does anyone have a more reasonable idea how to communicate securely under extreme surveillance? Is it just straight up impossible to do when directly targeted?

Well nothing is impossible..

Just for fun, lets assume the surveillance is so extreme Alice couldn't even trust her own mother or any electronics, she can only trust Bob. She can do two things.

1. Go all The Next Three Days on them. New name, ID, job, just vanish. Bob should do the same.2. Meet Bob. Go to a place far away from everything. Desert maybe. Scan each other for metal and verify there is none. Leave the metal detector behind and walk another mile. Use a (plastic) umbrella to avoid drones that try to get you on camera or just get under some sheets.

And.. Have a code word to signal you've been compromised. Callgirls call their agency when they get to their client. If they say "no problem", there's no problem. If they say "no problemo", there's a problem. (this is actual fact)

But just for more fun, let's assume Alice (and Bob) are already under surveillance, too late to learn a language, they are behind bars, there simply is no getting away. The only thing protected is their own mind. They will have to communicate using shared memories. If Alice says to Bob "it's the zoo all over again", only Alice and Bob know what that means. Building encryption based on shared memories is possible, but I don't think the human brain can process it at any reasonable speed. And still.. You're not safe. Interrogators could isolate Alice and give her sodium thiopental to break her more easily and get the secrets from her. The best part about sodium thiopental? She won't even remember it happened. How do you know you weren't interrogated last night?

In short? If someone really, really, really wants to.. They'll get you. But obviously, not something for the average person to worry about.